Cryptography-Digest Digest #318, Volume #10 Mon, 27 Sep 99 15:13:03 EDT
Contents:
Re: Introductory Crypto Site (SCOTT19U.ZIP_GUY)
NEMA, Swiss cipher machine (Frode Weierud)
Re: Lorenz cipher? (CryptoBook)
Re: msg for Dave Scott (Anton Stiglic)
Re: Proving cipher strength (Rochus Wessels)
Re: Decryption --Help!!! (Jerry Leichter)
Twofish and Leapfrog ("Some programmers")
Re: Cryptographically strong random number generator (Paul Koning)
Re: NEMA, Swiss cipher machine (Frode Weierud)
Re: frequency of prime numbers? (Jerry Leichter)
Re: NEMA, Swiss cipher machine (SCOTT19U.ZIP_GUY)
Re: Example of a one way function? (Patrick Juola)
Re: Increasing password security dramatically without making it harder ("Thomas J. Boschloo")
Re: Schrodinger's Cat and *really* good compression (John Myre)
Re: EAR Relaxed? Really? ("karl malbrain")
Re: Example of a one way function? (Volker Hetzer)
simple algorithm for hardware device? ("Luigi Funes")
Re: NEMA, Swiss cipher machine (John Savard)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Introductory Crypto Site
Date: Mon, 27 Sep 1999 14:06:21 GMT
In article <7slb3e$m3u$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>http://library.advanced.org/28005/
>
>My team, for ThinkQuest, a competition to build educational web sites,
>has chosen the topic of Cryptography. We did this after realizing that
>there are few sites on the topic for beginners.
>
>We try to cover the history in a readily accessible format, and provide
>interactive demonstrations of various algorithms. In addition, we have
>a Hall of Fame, where the names of people who can break our cryptograms
>go. Another interesting aspect of our site is it's potential for
>growth. We have a section for people (like you) to upload interviews
>and editorials on encryption, all of which will go online as soon as we
>receive them.
>
>Please give us a try. If you're not interested, sorry to bother you.
>
>http://library.advanced.org/28005/
>
If you folks like, you can add my contest for scott19u. Every month I add
another nibble to the solution so it can't go on forever. It is also a very
different kind of method of encryption than the old everyday stuff.
You can find links to the complete source code at my site. It is not the
kind of encryption that could have been done without the computer.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: [EMAIL PROTECTED] (Frode Weierud)
Subject: NEMA, Swiss cipher machine
Date: 27 Sep 1999 12:51:05 GMT
Reply-To: [EMAIL PROTECTED]
The Cipher Simulation Group (CSG) has just released a computer
simulation of the Swiss cipher machine NEMA (NEue MAschine).
An article describing this machine in great detail will be
published in the October 1999 issue of Cryptologia.
The NEMA simulator can be downloaded from the following Web sites:
http://www.blueangel.demon.co.uk/nema/
and
http://home.cern.ch/~frode/crypto/simula/nema/index.html
Computer simulations of other cipher machines will be released
in the near future. A preview of these machines can be seen at:
http://www.blueangel.demon.co.uk/crypto/
and
http://home.cern.ch/~frode/crypto/simula/index.html
Frode
--
Frode Weierud Phone : +41 22 7674794
CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185
Switzerland E-mail : [EMAIL PROTECTED]
WWW : home.cern.ch/~frode
------------------------------
From: [EMAIL PROTECTED] (CryptoBook)
Subject: Re: Lorenz cipher?
Date: 27 Sep 1999 13:52:29 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Id Est) writes:
>Singh's "The Code Book" briefly describes the Lorenz cipher as being
>the cipher used to encrypt communications between Hitler and his
>generals. how did it work?
Lorenz was a machine cipher based on Vernam's method applying a pseudorandom
additive to a teleprinter code. More information is available in the following
pamphlet:
THE COLOSSUS COMPUTER 1943-1996: How It Helped to Break the German Lorenz
Cipher in WWII
by Tony Sale
A slightly expanded text of a talk presented by the author at open weekends in
Bletchley Park. Describes the Lorenz system, first intercepts, the German
mistake, the denouement, contribution to D-Day, the end of Colossus, the
rebuild, and performance.
M&M Baldwin, 1998, 17 pp.
Pamphlet, Nonmember $6.95, Member $5.95
Classical Crypto Books is proud to be the exclusive North American distributor
of this pamphlet. Member prices are available to members of the American
Cryptogram Association, the US Naval Cryptologic Veterans Association, and full-time
students. Shipping and handling are extra. For complete ordering
information, a free catalog of crypto books, or for information about
membership in the American Cryptogram Association, please send email to
[EMAIL PROTECTED]
Best Wishes,
Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Mon, 27 Sep 1999 10:05:26 -0400
Keith A Monahan wrote:
> Can someone help me out here? I've seen and read about the fact that most
> encryption algorithms use padding in the last block to make sure their
> last block is the same size as the rest of the blocks.
>
> What happens when the transmitted file size (or transaction, or ...) is
> the same every time. I mean, what happens when it is a predictable length?
> This gives the attacker some plaintext, which can't possibly be good.
>
Actually, knowing the length of the message gives you much more info!
Imagine seeing an encryption of a 'yes' or 'no' answer; if you saw something
like '$R' and '%0#', which one would you think is yes?
The thing is that you must not see the padding; it should be encrypted, so as
not to give any info on the length. If all encrypted blocks have the same length,
the only info you get is a size limit to the plaintext.
Anton
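The point Anton makes, as an added example that is not part of the digest: when the padding is minimal, ciphertext length tracks message length and distinguishes 'yes' from 'no'; when every message is padded to one agreed size before encryption, an observer learns only that size limit. The SHA-256 counter keystream below is a toy chosen so the script runs offline on the standard library, not a vetted cipher; the 2-byte length prefix and the 16-byte nonce are choices made for this demo.

```python
# Added example (not from the digest): ciphertext length as a side channel,
# and fixed-size padding as the mitigation. Toy keystream, standard library only.
import hashlib
import os
import struct
from typing import Iterable, Optional, Set


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to_fixed(msg: bytes, size: int) -> bytes:
    """2-byte length prefix, message, zero fill, to exactly `size` bytes.
    The fixed size is the only thing an observer learns, so it has to be an
    agreed upper bound; a message that does not fit is rejected, not leaked."""
    if len(msg) > size - 2:
        raise ValueError("message exceeds the fixed plaintext size")
    return struct.pack(">H", len(msg)) + msg + b"\x00" * (size - 2 - len(msg))


def unpad_fixed(buf: bytes) -> bytes:
    (n,) = struct.unpack(">H", buf[:2])
    return buf[2 : 2 + n]


def seal(key: bytes, msg: bytes, fixed_size: Optional[int] = None) -> bytes:
    """Encrypt under a fresh nonce. fixed_size=None: ciphertext is as long as
    the message, so the length leaks exactly. Otherwise the padding is
    encrypted together with the message and every ciphertext has one length."""
    nonce = os.urandom(16)
    body = msg if fixed_size is None else pad_to_fixed(msg, fixed_size)
    return nonce + xor_bytes(body, keystream(key, nonce, len(body)))


def open_sealed(key: bytes, blob: bytes, fixed_size: Optional[int] = None) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    body = xor_bytes(ct, keystream(key, nonce, len(ct)))
    return body if fixed_size is None else unpad_fixed(body)


def ciphertext_lengths(key: bytes, msgs: Iterable[bytes],
                       fixed_size: Optional[int] = None) -> Set[int]:
    """What a passive observer sees: the set of distinct ciphertext lengths."""
    return {len(seal(key, m, fixed_size)) for m in msgs}


if __name__ == "__main__":
    k = os.urandom(32)
    answers = [b"yes", b"no"]
    print("minimal padding, lengths seen:", ciphertext_lengths(k, answers))
    print("padded to 32 bytes, lengths seen:", ciphertext_lengths(k, answers, 32))
```

With minimal padding the observer sees two different lengths and can tell the answers apart without touching the key; with `fixed_size=32` both ciphertexts are 48 bytes and the only fact exposed is the 30-byte ceiling. The same reasoning applies to a block cipher: padding to the block boundary only coarsens the leak to the block size, so a message that must not reveal its length needs padding to a fixed maximum before encryption.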
------------------------------
From: Rochus Wessels <[EMAIL PROTECTED]>
Subject: Re: Proving cipher strength
Date: 27 Sep 1999 16:08:10 +0200
Toby Kelsey <[EMAIL PROTECTED]> writes:
> (a) Choose a model for computation (e.g. a Turing machine) with
> weights for each operation representing time/effort.
First problem. You have to show it for EVERY model of computation
which may be realized. (And you don't know whether you know every one...)
------------------------------
From: Jerry Leichter <[EMAIL PROTECTED]>
Subject: Re: Decryption --Help!!!
Date: Mon, 27 Sep 1999 10:05:41 -0400
| ...This reminds one of the attempt to simulate the style of a source
| without understanding a bit of it, by randomly generating output
| with the same probabilities for all n-grams. I think there is an
| example of this in Kernighan & Pike's book, "The Practice of
| Programming" ...
As far as I know, the originator of this technique was none other than
Claude Shannon, who used it to estimate the entropy of English text.
There are examples in a classic introduction to information theory by
Pierce. Pierce, like Shannon, had to construct his examples without the
aid of a computer. The required effort (and corpus size) goes up
rapidly with n, so neither went beyond n=3. Instead, after that they
shifted to n-word-grams (i.e., a 1-word-gram chooses *words* from the
corpus's statistical distribution, and so on.) By the time you get to
3-word-grams, you get a lot of stuff that almost makes sense: There are
enough short stylized phrases in English that 3-word-grams will hit them
often.
The first place I know of where a computer program to generate such
texts appeared was in a book called "Algorithms in SNOBOL4", which was
published in the early '70's.
-- Jerry
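The technique Jerry describes, as an added example that is not part of the digest: an order-(n-1) Markov generator that emits text with the corpus's own n-gram statistics, plus the conditional-entropy estimate per symbol that Shannon used the n-gram counts for. The corpus is a few constructed sentences, so the entropy values are illustrative, not estimates for English; passing the same functions a list of characters instead of words gives the letter-n-gram variant.

```python
# Added example (not from the digest): n-gram text generation and the
# per-token conditional-entropy estimate it supports. Constructed corpus.
import math
import random
from collections import Counter, defaultdict

CORPUS = ("the cat sat on the mat the dog sat on the log "
          "the cat saw the dog and the dog saw the cat").split()


def ngram_counts(tokens, n):
    """Map each (n-1)-token context to a Counter of the tokens that follow it."""
    table = defaultdict(Counter)
    for i in range(len(tokens) - n + 1):
        ctx = tuple(tokens[i:i + n - 1])
        table[ctx][tokens[i + n - 1]] += 1
    return table


def generate(tokens, n, length, seed=0):
    """Sample `length` tokens so that every n-gram emitted occurs in the corpus,
    chosen with its empirical probability (a Markov chain of order n-1).
    n=1 is the 1-word-gram of the post: tokens drawn by frequency alone."""
    rng = random.Random(seed)
    table = ngram_counts(tokens, n)
    contexts = list(table)
    ctx = rng.choice(contexts)
    out = list(ctx)
    while len(out) < length:
        if ctx not in table:          # context seen only at the corpus end
            ctx = rng.choice(contexts)
            out.extend(ctx)
            continue
        followers = table[ctx]
        tok = rng.choices(list(followers), weights=list(followers.values()))[0]
        out.append(tok)
        ctx = tuple(out[-(n - 1):]) if n > 1 else ()
    return out[:length]


def conditional_entropy(tokens, n):
    """H(X_n | X_1..X_{n-1}) in bits per token from the n-gram counts: the
    order-(n-1) estimate of the source's per-token entropy. It falls as n
    grows because longer contexts leave less uncertainty about the next token,
    which is why the corpus needed (and the effort) rise so quickly with n."""
    table = ngram_counts(tokens, n)
    total = sum(sum(c.values()) for c in table.values())
    h = 0.0
    for followers in table.values():
        ctx_total = sum(followers.values())
        for count in followers.values():
            h -= (count / total) * math.log2(count / ctx_total)
    return h


def all_ngrams_in_corpus(text, tokens, n):
    """True if every n-gram of `text` occurs somewhere in `tokens`."""
    seen = {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}
    return all(tuple(text[i:i + n]) in seen for i in range(len(text) - n + 1))


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(f"n={n}: H={conditional_entropy(CORPUS, n):.2f} bits/token,",
              " ".join(generate(CORPUS, n, 12, seed=1)))
```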
------------------------------
From: "Some programmers" <[EMAIL PROTECTED]>
Subject: Twofish and Leapfrog
Date: Mon, 27 Sep 1999 11:15:15 -0400
From the S-box function in Twofish:
y0 = q1[q0[q0[y2;0] Xor l1;0] Xor l0;0]
y1 = q0[q0[q1[y2;1] Xor l1;1] Xor l0;1]
y2 = q1[q1[q0[y2;2] Xor l1;2] Xor l0;2]
y3 = q0[q1[q1[y2;3] Xor l1;3] Xor l0;3]
Here, q0 and q1 are fixed permutations on 8-bit values.
See: http://www.counterpane.com/twofish-paper.html
From the main function in LeapFrog:
* get the T variables
T1 = A1(p1), T2 = A2(p2), T3 = A3(p3), T4 = A4(p4)
* note the T variable order
p5 = p5 Xor A1(A1(T2 Xor T3) Xor T4)
p6 = p6 Xor A2(A2(T1 Xor T4) Xor T3)
p7 = p7 Xor A3(A3(T4 Xor T2) Xor T1)
p8 = p8 Xor A4(A4(T3 Xor T1) Xor T2)
p5 = (p5 + T1) And FF
p6 = (p6 + T2) And FF
p7 = (p7 + T3) And FF
p8 = (p8 + T4) And FF
http://merrel.members.atlantic.net
I'm not comparing the security of the two, just noting a specific
similarity. Yes, I see that the substitutions in Twofish are optimized,
where Leapfrog uses only key-dependent s-boxes. Leapfrog uses simple Xors
and adds, where Twofish uses a MDS function and a real PHT. I'm sure Twofish
is more secure, so don't spit fire! I just thought I would note what I see,
because I have reason to believe Schneier saw Leapfrog in '96.
Regards,
Some programmers
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Cryptographically strong random number generator
Date: Mon, 27 Sep 1999 10:53:48 -0400
Karsten Spang wrote:
>
> On what criteria does one assess that a random number generator is
> cryptographically strong? Is the XPG4r2 random() cryptographically strong?
>
> According to the manual:
> > With 256 bytes of state information, the period of the random-number generator
> > is greater than 2^69.
I'm not familiar with that particular generator, but that statement
is some cause for concern. It certainly is true that a generator
with a short period cannot be strong, but the fact that the period
is long doesn't make it strong. There's a direct analogy with
number of distinct keys; people who don't know what they are doing
often argue that their cipher is strong because it has 7 googol
possible keys. So...while the long period is slightly interesting,
it's not a particularly significant consideration.
Take a look at the Yarrow paper by Schneier et al. Look at the
source code for /dev/random in Linux. These will give you a good
feel for the design principles of good generators.
paul
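Paul's point that a long period says little about strength, as an added example that is not part of the digest: a generic additive lagged-Fibonacci generator (lags 3 and 31, a construction chosen for this demo and not a reimplementation of any platform's random()) has a period on the order of 2^62 words for any seed with an odd state word, yet every output is simply the sum of two earlier outputs. The check below is the kind of sanity test a reviewer runs over a candidate generator's output; a hash-counter output stage in the style the Yarrow paper recommends passes it, because its outputs are not related by any recurrence a reviewer could write down without the key.

```python
# Added example (not from the digest): period versus predictability.
import hashlib
import struct

MASK = 0xFFFFFFFF


class LaggedFibonacci:
    """x[n] = (x[n-3] + x[n-31]) mod 2^32, a generic additive generator
    (constructed for this demo). Huge period, but each output is determined
    by the previous 31 outputs alone."""

    def __init__(self, seed: int):
        # Fill the 31-word state from the seed with a small LCG (constructed);
        # the odd multiplier and increment guarantee some odd state words.
        self.state = []
        x = seed & MASK
        for _ in range(31):
            x = (1103515245 * x + 12345) & MASK
            self.state.append(x)

    def next(self) -> int:
        v = (self.state[-3] + self.state[-31]) & MASK
        self.state.append(v)
        del self.state[0]
        return v


class HashCounter:
    """Output = first 32 bits of SHA-256(key || counter): a sketch of a
    keyed output stage, where consecutive outputs satisfy no simple recurrence."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def next(self) -> int:
        d = hashlib.sha256(self.key + struct.pack(">Q", self.counter)).digest()
        self.counter += 1
        return struct.unpack(">I", d[:4])[0]


def sample(gen, n: int) -> list:
    return [gen.next() for _ in range(n)]


def recurrence_hits(outputs, lag_a: int = 3, lag_b: int = 31) -> float:
    """Fraction of outputs equal to (out[i-lag_a] + out[i-lag_b]) mod 2^32.
    Near 1.0: the stream is a fixed function of its own past, period or not.
    Near 0.0: this particular additive relation does not hold."""
    start = max(lag_a, lag_b)
    hits = sum(1 for i in range(start, len(outputs))
               if outputs[i] == (outputs[i - lag_a] + outputs[i - lag_b]) & MASK)
    return hits / (len(outputs) - start)


if __name__ == "__main__":
    print("lagged Fibonacci:", recurrence_hits(sample(LaggedFibonacci(12345), 1000)))
    print("hash counter:    ", recurrence_hits(sample(HashCounter(b"k" * 32), 1000)))
```

The check is deliberately one-sided: a low hit rate only rules out this one relation, so it is a filter for obviously weak candidates, not evidence of strength. That is the asymmetry Paul describes: a short period or a visible recurrence disqualifies a generator, while a long period on its own establishes nothing.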
------------------------------
From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: NEMA, Swiss cipher machine
Date: 27 Sep 1999 15:40:58 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> Is this the infamous machine the NSA had special modifications to
>so that they could automatically read embassies' mail around the world,
>or is it something else? If it is that one, is it a specially modified version?
No, what you are thinking about are the machines made by the Swiss firm
Crypto AG. It has been claimed that these machines would transmit their key
settings as part of the message.
The NEMA machine is a mechanical cipher machine based on the Enigma and it
was manufactured by the Swiss company Zellweger AG. This machine would not
reveal its key as easily. :-)
Best wishes,
Frode
--
Frode Weierud Phone : +41 22 7674794
CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185
Switzerland E-mail : [EMAIL PROTECTED]
WWW : home.cern.ch/~frode
------------------------------
From: Jerry Leichter <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Mon, 27 Sep 1999 10:21:09 -0400
| >So, what Goedel really proved here was: Any sufficiently rich
| >axiomatic system is either inconsistent (it can prove a false
| >statement, hence it can prove *any* statement it can express);
|
| Not "*any*" statement. There are axiomatic systems that forbid
| irrelevant deductions.
I have no idea what this means.
| > OR there are true statements expressible within the system which
| >cannot be proved (within the system). What does "true" mean here?
| >Just what you'd naively expect if you didn't know about the axiomatic
| >method: There are no counter-examples to be found, no matter how
| >hard you look.
|
| In other words, there are no bindings of variables that make the
| statement false under interpretation.
What are variables "bound" to? What's "interpretation"?
If you are seriously interested in this area, learn something about
model theory (which provides a way of making sense of what you are
saying).
| >Goedel's results are part of a stream of results, usually seen in
| >retrospect as starting with Turing's proof of the impossibility of
| >providing an algorithm for the Halting Problem, that show that truth
| >and provability are not the same thing.
|
| If truth and provability are not the same thing, and a system is
| either inconsistent or incomplete, doesn't that imply that there are
| unprovable statements that are neither true nor false, but independent
| of a consistent axiomatic system? If so, why refer (as above) only to
| the true statements which cannot be proved?
This paragraph reminds me of the way believers in crystal power talk
about "energy". They use the words of physics, as if just using those
words makes their statements statements about physics. You bandy about
words from mathematical logic as if the result *is* mathematical logic.
Sorry, but no. These statements amount to a projective test: It's
possible to project on it an interpretation that kind of makes sense,
but that has little to do with the basis of the statement.
Mathematical logic, model theory, proof theory - all of these are highly
technical, complex, and difficult areas. Until an adequate grounding
for them was established, starting around the turn of this century but
not really being completed until the 1960's, the field was full of
apparent paradoxes, ambiguities - and few solid results. You want to
talk intelligently about it? Do some homework. Read some of the books
in the field. Chaitin - someone else posted a URL for his home page -
has written an excellent introduction from his own point of view. Other
books - some highly technical, some overviews for the non-technical but
"mathematically mature", some introductions for the layman - exist.
-- Jerry
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NEMA, Swiss cipher machine
Date: Mon, 27 Sep 1999 16:09:04 GMT
In article <7snp7p$ra2$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>The Cipher Simulation Group (CSG) has just released a computer
>simulation of the Swiss cipher machine NEMA (NEue MAschine).
>An article describing this machine in great detail will be
>published in the October 1999 issue of Cryptologia.
>
>The NEMA simulator can be downloaded from the following Web sites:
>http://www.blueangel.demon.co.uk/nema/
>and
>http://home.cern.ch/~frode/crypto/simula/nema/index.html
>
>Computer simulations of other cipher machines will be released
>in the near future. A preview of these machines can be seen at:
>http://www.blueangel.demon.co.uk/crypto/
>and
>http://home.cern.ch/~frode/crypto/simula/index.html
>
>Frode
>
>
Is this the infamous machine the NSA had special modifications to
so that they could automatically read embassies' mail around the world,
or is it something else? If it is that one, is it a specially modified version?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Example of a one way function?
Date: 27 Sep 1999 12:32:50 -0400
In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> wrote:
>Boris Kolar <[EMAIL PROTECTED]> wrote:
>: Roger Carbol <[EMAIL PROTECTED]> wrote in message
>:> I. Michael Mandelberg <[EMAIL PROTECTED]> wrote:
>
>:> > Can someone point me to a one-way-function that is typically used
>:> > for encryption?
>:>
>:> Multiplication.
>
>: Of course multiplication is a one-way function, but it's not a very
>: convenient one.
>
>Multiplication is a one-way function? I'd have thought it was
>generally eminently reversible.
Well, it's the basis of RSA encryption. I have two numbers p,q
and (quickly) derive n, their product.
You have n, and you take tremendous amounts of time to derive p and
q.
A one-way function doesn't mean the function isn't reversible, just
that it takes much more time to compute in one direction than in
the other.
-kitten
------------------------------
From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp
Subject: Re: Increasing password security dramatically without making it harder
Date: Mon, 27 Sep 1999 19:27:28 +0200
=====BEGIN PGP SIGNED MESSAGE=====
David P Jablon wrote:
>
> In article <[EMAIL PROTECTED]>,
> Thomas J. Boschloo <[EMAIL PROTECTED]> wrote:
> >
> >Instead of hashing the whole pass phrase, you hash the pass phrase with
> >some random data appended. I think I'll patent it! It's a great idea and
> >it is funny nobody thought of it before.
>
> Funny indeed. The idea is called "salt".
No it is not.
Basically there is strengthening passwords by appending an unknown
random number of bits to the password, as I suggested.
<http://www.research.digital.com/SRC/personal/Martin_Abadi/Papers/pwd-revised/pwd-revised.html>
And there is stretching passwords by making the individual calculations
very expensive. E.g. by iterating a hash 2^t times.
<http://www.counterpane.com/low-entropy.html>
Thanks for both links to David Wagner!
I got my question answered. Now only to hope that other people start
putting it in their products (like PGP conventional encryption).
Regards,
Thomas
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: Stick to RSA for now, pgp 2.6.3i rulez!
iQB5AwUBN++aowEP2l8iXKAJAQHPaAMgqpZn//4cte+Kmjb7UX4OYLpKdj8/hqr/
TjdAQWwjSdLQ00jdzvXZNT0w5zT1Dl9pCoem4UCFSVgcEy4FSLICoaTuf8wmIchg
41wDz8BWquS6OTA00DfIULMmgsjK9bUZGUfS+Q==
=ZKzo
=====END PGP SIGNATURE=====
--
Unknown: "A guy using crypto can't be all bad"
PGP key: http://x11.dejanews.com/getdoc.xp?AN=453727376
Email: boschloo_at_multiweb_dot_nl
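The two techniques Thomas distinguishes, as an added example that is not part of the post or of the papers it links: strengthening appends a random supplement of `bits` bits that is hashed in but never stored, so the verifier (and anyone guessing passwords offline) pays up to 2**bits hash evaluations per check; stretching iterates the hash 2**t times. SHA-256, the 16-byte salt, and the way the password is folded into each stretching iteration are choices made for this demo, not the papers' own constructions.

```python
# Added example (not from the post): password strengthening (unknown
# supplement) and password stretching (iterated hashing), side by side.
import hashlib
import os
import secrets


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


# --- strengthening: hash(password || salt || secret supplement) -------------
def strengthen_setup(password: bytes, bits: int):
    """Return (salt, digest). The supplement is drawn, hashed in, and then
    discarded, so nobody, including the verifier, stores it."""
    salt = os.urandom(16)
    supplement = secrets.randbelow(1 << bits).to_bytes(4, "big")
    return salt, _h(password, salt, supplement)


def strengthen_verify(password: bytes, salt: bytes, digest: bytes, bits: int) -> bool:
    """Search the supplement space. Expected cost for the legitimate verifier
    is 2**(bits-1) hashes; a guess at a wrong password costs the full 2**bits,
    which is the factor by which offline guessing is slowed."""
    for s in range(1 << bits):
        if secrets.compare_digest(_h(password, salt, s.to_bytes(4, "big")), digest):
            return True
    return False


# --- stretching: 2**t sequential hash iterations ---------------------------
def stretch(password: bytes, salt: bytes, t: int) -> bytes:
    """Iterate the hash 2**t times in a chain that cannot be parallelised;
    the password is folded into every step so no prefix can be precomputed."""
    x = _h(password, salt)
    for _ in range((1 << t) - 1):
        x = _h(x, password, salt)
    return x


def stretch_verify(password: bytes, salt: bytes, digest: bytes, t: int) -> bool:
    return secrets.compare_digest(stretch(password, salt, t), digest)


if __name__ == "__main__":
    salt, d = strengthen_setup(b"correct horse", bits=12)
    print("strengthened, right password:", strengthen_verify(b"correct horse", salt, d, 12))
    print("strengthened, wrong password:", strengthen_verify(b"wrong", salt, d, 12))
    s = os.urandom(16)
    print("stretched t=12 verifies:", stretch_verify(b"pw", s, stretch(b"pw", s, 12), 12))
```

Both parameters are tuned the same way: raise `bits` or `t` until a single verification costs as much time as the deployment will tolerate, since that same cost is what every offline guess must pay. The two can also be combined, hashing the supplement into a stretched chain, which multiplies the per-guess work.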
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Schrodinger's Cat and *really* good compression
Date: Mon, 27 Sep 1999 09:47:35 -0600
Mok-Kong Shen wrote:
>
> Douglas A. Gwyn wrote:
> >
>
> > The issue is how the Copenhagen interpretation, wherein the
> > state of the cat is in a superposition of |live> & |dead>
> > until the human opens the box, could make any sense. Is the
> > cat in a state of half-existence? Isn't the cat just as
> > good an observer (better actually, because it knows the
> > answer before the human)? The whole idea was to point out
> > significant problems with the Copenhagen interpretation
> > of QM.
>
> That's why I said previously that the experiment is an 'analogy'/
> 'metaphor' which Schroedinger seemed to choose to employ on grounds
> of simplicity for communicating the idea of sort of unknown/undecided
> state of quantum theory to the layman. But I think this is a
> pedagogical failure.
>
> M. K. Shen
I'd have to agree that the general public (which includes me)
doesn't understand Quantum Mechanics very well. Since "everyone"
knows the story about the cat, you'd have to say it didn't do
much good in educating laymen.
But I don't think the experiment was intended for laymen at all.
The point, as Douglas said, was to highlight problems; and really,
you have to understand some significant physics before you
understand the difficulties with the theory. You have to know
even more to try and modify the theory to handle the problems.
The alive/dead cat image is just so strong that the story had
to permeate the public consciousness. Anyone can see that a cat
that is neither alive nor dead is silly on the face of it. The
physicists, on the other hand, get to struggle with whether
their theory really requires such a cat. (It is important to
note, however, that "silly on the face of it" and "wrong" are
not identical concepts. I don't believe in a cat that is
neither alive nor dead in this sense, but QM is full of weird
stuff that really does happen.)
As for "analogy" or "metaphor", I don't think those are quite
the right interpretation. English is not a spectacularly
precise instrument, so I suppose the point is debatable. The
way I see it, the experiment is not a story intended to convey
a concept that you don't say directly. The experiment is the
real story. You could really do the experiment, although you
wouldn't learn anything, since the interesting part is before
you open the box to find out what happened!
John M.
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Mon, 27 Sep 1999 11:32:59 -0700
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
(...)
> Judge: *I* interpret the law, you are supposed to *execute*
> the law (and the legislature, Constitution, and English
> Common Law *make* the law).
Of course under ADMIRALTY law, the CAPTAIN of the SHIP carries the cargo, so
to speak. `Execute' is applicable only to WRITS of ATTAINDER. Karl M
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Example of a one way function?
Date: Mon, 27 Sep 1999 18:30:59 +0200
Tim Tyler wrote:
>
> Multiplication is a one-way function? I'd have thought it was
> generally eminently reversible.
>
> I think you need to invoke complex numbers, or modulo arithmetic,
> or *something* if you want to claim multiplication as a one-way
> function.
As long as you don't multiply primes, it's impossible to get the two
original factors out of the product.
In that way, even addition is a one-way function.
Greetings!
Volker
--
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
------------------------------
From: "Luigi Funes" <[EMAIL PROTECTED]>
Subject: simple algorithm for hardware device?
Date: Mon, 27 Sep 1999 17:20:27 +0100
Hi all! I wonder if someone can help me!
I'm building a high-speed hardware encryption/decryption
device working on a data stream of 16-bit words.
Data come in variable-size packets at 40 Mword/sec
and every word must be encrypted almost immediately; more
exactly, the delay between the input and output of every
word must be < 5 ns.
With these timing requirements and using low-cost FPGAs,
I believe it's impossible to implement strong algorithms
doing more than one round. Of course, for this
application a weak algorithm breakable in a few hours by a
Pentium is good enough. :-)
I already successfully tested a prototype, using a trivial
algorithm XORing data with an LFSR, but now I have to
implement something better.
Note the algorithm can be kept secret, because it's
hidden inside the FPGA, but an enemy could steal the
device, set up any key and encrypt and analyze any data.
Besides, the enemy knows the plaintexts of many
encrypted data.
Can someone suggest an algorithm for this device?
I'd appreciate any comment too. Thanks!
Luigi
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NEMA, Swiss cipher machine
Date: Mon, 27 Sep 1999 18:50:08 GMT
[EMAIL PROTECTED] (Frode Weierud) wrote, in part:
>The Cipher Simulation Group (CSG) has just released a computer
>simulation of the Swiss cipher machine NEMA (NEue MAschine).
>An article describing this machine in great detail will be
>published in the October 1999 issue of Cryptologia.
It's certainly an interesting machine. I looked at the description of
it in your program's help file.
I'll probably add a brief description of it to my web page, on the
same page as I describe the FIALKA and other cipher machines similar
to the Enigma. (That is, if you have no objection.) However, with the
notation I use in my schematic diagrams, the drive rotors will become
pinwheels - and they will be in one row, with the contact rotors in
another row. (The text will note the discrepancy.)
As I understand it, the red rotor and two of the drive rotors move
with every letter enciphered, while the other two drive rotors are
controlled by the red rotor (and whenever a drive rotor is thus
prevented from moving, its accompanying contact rotor also does not
move). While the machine has a large number of initial settings, that
means its period is only 676, but I suppose that was considered
adequate, and regulations limited the length of the segment of a
message that could be enciphered at a single setting.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************